Blog
SvelteKit hooks: handle CORS for browser clients while server load functions bypass it
Server load and actions run on Node; only browser navigations need CORS headers on external APIs.
1 min read
sveltekitcorsserver
Adapter targets
Cloudflare Workers and Node adapters differ in streaming support—test CORS preflight on each.
Use environment modules for secrets instead of hardcoding API keys in hooks.
Progressive enhancement
Forms should degrade gracefully when third-party APIs block CORS from the client.
Document which endpoints require server-only routes for compliance.